Authentication and Authorization

To use the PlanPay API, you'll need to authenticate your API requests using your unique merchant ID and API key. These are used in combination with basic authentication, which involves base64 encoding the credentials and passing them in the HTTP Authorization header.

info

Take a look at the API Keys section to learn about API keys and the process to acquire them.

danger

All API calls when integrating PlanPay must come from the backend/server, not the frontend/client, to ensure the security of your API key. Use the Authorization header to authenticate and authorize back-end API requests only, and never include it with front-end/client requests to prevent API credential theft.

Merchant ID

Your merchant ID is a 12-character code consisting of lower-case letters and numbers. It uniquely identifies your account with the PlanPay API, and will be provided to you by the PlanPay team.

For example: a1b2c3d4e5f6.

API Key

Your API key is a longer, randomly generated string consisting of lower-case letters, numbers, and punctuation. It provides access to the PlanPay API and should be kept secret.

For example: nkl3qy7v9rx2sw8mz5fd1aj0c6gb4eph

Basic Authentication

To authenticate PlanPay API requests, you'll need to pass your merchant ID and API key in the Authorization header using basic authentication. The header should have the following format:

Authorization: Basic base64_encode(merchantId:apiKey)

In this format, merchantId is your unique merchant ID and apiKey is your API key. The two are combined with a colon (:) character, then base64-encoded.

For example, if your merchantId is a1b2c3d4e5f6 and your apiKey is nkl3qy7v9rx2sw8mz5fd1aj0c6gb4eph, you would encode the following string:

a1b2c3d4e5f6:nkl3qy7v9rx2sw8mz5fd1aj0c6gb4eph

This would result in the following authorization header:

Authorization: Basic YTFiMmMzZDRlNWY2Om5rbDNxeTd2OXJ4MnN3OG16NWZkMWFqMGM2Z2I0ZXBo

Remember to replace merchantId and apiKey with your actual values.

info

The credentials in the header are base64-encoded to comply with the RFC 7617 standard, not for security purposes. Base64 is trivially reversible, so anyone who can read the header can recover the API key.

info

TLS 1.2 or greater is required for secure communication with the PlanPay APIs.
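
The following Python sketch is an added example, not PlanPay's own code. It builds the Basic credential on the server, decodes it again to show that the encoding gives no confidentiality, and creates a TLS context that refuses anything below TLS 1.2. The function names and the environment variable names PLANPAY_MERCHANT_ID and PLANPAY_API_KEY are assumptions.

```python
import base64
import os
import re
import ssl

MERCHANT_ID_RE = re.compile(r"[a-z0-9]{12}")  # merchant ID format described on this page


def build_authorization_header(merchant_id: str, api_key: str) -> str:
    """Return the Authorization header value (RFC 7617 Basic scheme)."""
    if not MERCHANT_ID_RE.fullmatch(merchant_id):
        raise ValueError("merchant ID must be 12 lower-case letters/digits")
    if not api_key:
        raise ValueError("API key is empty")
    token = base64.b64encode(f"{merchant_id}:{api_key}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_authorization_header(value: str) -> tuple[str, str]:
    """Recover (merchant_id, api_key) from a header value.

    Base64 is an encoding, not protection: whoever can read the header
    (logs, proxies, browser dev tools) obtains the API key.
    """
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    # Split on the first colon only: the API key may itself contain ':'.
    merchant_id, sep, api_key = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return merchant_id, api_key


def tls12_context() -> ssl.SSLContext:
    """Certificate-verifying TLS context that refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def header_from_env() -> str:
    """Load credentials from server-side environment variables (names assumed)."""
    return build_authorization_header(
        os.environ["PLANPAY_MERCHANT_ID"], os.environ["PLANPAY_API_KEY"])
```

Pass `tls12_context()` as the `context` argument of `urllib.request.urlopen` or `http.client.HTTPSConnection` when making the request from your backend.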